Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [2600] questions on PP-A

To: STDS-2600@xxxxxxxxxxxxxxxxx
Subject: Re: [2600] questions on PP-A
From: Brian Smithson <brian.smithson@xxxxxxxxxxxxx>
Date: Wed, 30 Sep 2009 16:01:32 -0700
Delivered-to: mhonarc@xxxxxxxxxxxxxxxx
In-reply-to: <9A6213D6CEDE5147A5FA6559410C363D048B7CDB@xxxxxxxxxxxxx>
List-help: <http://listserv.ieee.org/cgi-bin/wa?LIST=STDS-2600>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20STDS-2600>
List-owner: <mailto:STDS-2600-request@LISTSERV.IEEE.ORG>
List-subscribe: <mailto:STDS-2600-subscribe-request@LISTSERV.IEEE.ORG>
List-unsubscribe: <mailto:STDS-2600-unsubscribe-request@LISTSERV.IEEE.ORG>
Openpgp: id=073BBD1C
Organization: Ricoh Americas Corporation
References: A<4AAADA9A.8080700@xxxxxxxxxxxxx> <9A6213D6CEDE5147A5FA6559410C363D048B7CDB@xxxxxxxxxxxxx>
Reply-to: Brian Smithson <brian.smithson@xxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

Hi Lida,

These are not authoritative answers by any means:

I think the easiest way is to disable the USB interface in the "certified configuration". However, if you want to enable the interface and if it is only for memory sticks, I don't think it is a shared medium interface but the user would need to identify and authenticate (by using the operator panel, or somehow via the USB memory itself) before being authorized to print. If the USB interface is enabled and it can be used for other USB devices -- like a USB ethernet or wifi adaptor -- then I don't know.
MFP software should be considered "TSF Protected Data", which means that it can't be altered except by an authorized administrator. Therefore, if you''re going to install or update MFP software over the network (or by any other means), the entity performing the installation/update should be identified and authenticated, which means that you are satisfying the data access SFP. After that, I supposed FPT_TST.1 also applies.

--
Regards,
Brian Smithson
PM, Security Research
PMP, CSM, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435

Lida Wang wrote:

Hello all,

Could any one help me on the following questions? I have been struggling
on this for a long time.

Question 1:
If MFP support direct print via USB memory stick, could anyone help me
to identify all the security function policies that apply to this
feature? From my opinion, "USB memory stick" should be treated as a
user, so user identification is applied. However IEEE 1667 which handles
USB security is not finalized yet, so how to we handle USB
identification? Also do we treat the USB interface that MFP provides as
shared medium interface?

Question 2:
When install application to MFP through network, what are all the
security function policies that we should satisfy? Besides FPT_TST.1, is
there any other function that we should satisfy?

Regards,

Lida Wang

Principal engineer

Kyocera Technology Development.

References:
- [2600] meeting minutes, action items, and web site updates
  - From: Brian Smithson
- [2600] questions on PP-A
  - From: Lida Wang

Prev by Date: [2600] P2600.2, .3 and .4
Next by Date: [2600] updated drafts for PP-B/C/D
Previous by thread: [2600] questions on PP-A
Next by thread: [2600] web site changes
Index(es):
- Date
- Thread